Epsilon - 2011

Epsilon, an email service provider for companies, reported a breach that affected approximately two percent of its 2,500 clients. Only email addresses and names were stolen. Epsilon has not disclosed the names of the companies affected or the total number of names stolen. However, millions of customers have received notices from a growing list of affected companies (http://www.databreaches.net/?p=17374), making this the largest security breach ever. The Secret Service is investigating this breach. Customers are expected to receive targeted spam that includes their name and email address and appears to come from one of the affected companies. These phishing attempts could result in further loss of consumer personal information. People who receive spam should report it to phishing-report@us.cert.gov.

UPDATE (05/02/2011): The original estimate of companies affected was changed from 2% to 3% of Epsilon customers. A total of 75 companies were affected, and these companies may end up paying a combined amount of $412 million in damage control. Epsilon itself could pay $225 million. Some estimate the total cost of the Epsilon breach could run as high as $3-$4 billion in forensic audits and monitoring, fines, litigation, and lost business for the provider and its customers. Conservative estimates place the number of customer email addresses breached at 50-60 million. The total of customer emails exposed could reach 250 million.